EUVD-2026-23358

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubiorestpreinsertimportassets function, which is hooked to the restpreinsertposttype filter for posts, pages, templates, and template...

PT-2023-20682 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.23.0 Description: Directus is a real-time API and App dashboard for managing SQL database content. It is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server via a POST...

The vulnerability of microprogrammed software in industrial modems of the OnCell G3470A-LTE Series and WDR-3124A Series, as well as in microprogrammed software for Wi-Fi routers of the TAP-323 Series, WAC-1001 Series, and WAC-2004 Series, arises from the lack of protective measures for website structures. This allows attackers to import any file through the web interface.

The vulnerabilities of microprogrammed software in industrial modems of the OnCell G3470A-LTE Series, WDR-3124A Series, microprogrammed software in Wi-Fi routers of the TAP-323 Series, WAC-1001 Series, and WAC-2004 Series are related to the lack of measures taken to protect the website structure...

SA-CONTRIB-2010-049 - Wordpress Import - Access bypass

The Wordpress Import module provides the ability to import nodes from a Wordpress WXR export file. The form to import a WXR file does not use the correct access permission and allows any user to upload arbitrary files and import data from a remote WRX file. Versions affected Wordpress Import for...